5
What is Tripwire?
- The most popular host-based IDS for Linux; also popular on Windows
- Change monitoring and analysis tool
- Establishes control over both authorized and unauthorized changes on servers
- Provides enterprises with:
  - High availability
  - Compliance with regulations from internal and external policies
  - More effective systems security

8
Management Buy-In
- Problem
  - High initial cost and man-hours
  - Management not concerned with internal risk
- What sold management?
  - The ability to monitor the DMZ 24/7 for illicit activity … and then be able to recover quickly

9
Deployment
- Initial deployment
  - One management station
  - Tripwire client running on 2 web servers and 1 data server
- This deployment was a success
- Full-scale deployment followed

10
Concerns
- Too many false positives
  - Due to mis-configuration
  - Server group less likely to promptly address real issues
- Do Tripwire vulnerabilities exist?
  - 2004: Format string vulnerability. When an e-mail report was created, a local user could execute arbitrary code with the same rights as the user running the file check (usually root or a sysadmin).
  - 2001: Symbolic link attack. On Linux and Unix, Tripwire opens insecure temporary files with predictable names in publicly writable directories. Using a symbolic link attack, a local intruder may overwrite or create arbitrary files on machines running Tripwire.
  - Others?
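As an added illustration (not Tripwire's own code or policy format) of the change monitoring described on slide 5 and of why policy mis-configuration produces the false positives raised here: a minimal baseline-and-check in Python, where a policy glob such as var/log/* marks files that are expected to change so they are not reported. The sample tree and file names are constructed for the demo.

```python
import fnmatch
import hashlib
import os
import tempfile

def ignored(rel, ignore):
    # True if a policy glob marks this path as expected to change.
    return any(fnmatch.fnmatch(rel, pat) for pat in ignore)

def fingerprint(path):
    """Attributes a Tripwire-style tool records per file: hash, mode, size."""
    st = os.lstat(path)
    with open(path, "rb") as f:
        digest = hashlib.sha256(f.read()).hexdigest()
    return (digest, st.st_mode & 0o777, st.st_size)

def build_baseline(root, ignore=()):
    """Fingerprint every file under root that the policy does not exclude."""
    baseline = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            rel = os.path.relpath(os.path.join(dirpath, name), root).replace(os.sep, "/")
            if not ignored(rel, ignore):
                baseline[rel] = fingerprint(os.path.join(root, rel))
    return baseline

def check(root, baseline, ignore=()):
    """Report files added, removed or modified relative to the stored baseline."""
    old = {p: v for p, v in baseline.items() if not ignored(p, ignore)}
    new = build_baseline(root, ignore)
    return {"added": sorted(set(new) - set(old)),
            "removed": sorted(set(old) - set(new)),
            "modified": sorted(p for p in new if p in old and new[p] != old[p])}

def write(root, rel, text, mode="w"):
    # Create or append to a file in the constructed sample tree.
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, mode) as f:
        f.write(text)

def demo():
    """Constructed sample tree: one config file plus a log that grows normally."""
    root = tempfile.mkdtemp()
    write(root, "etc/app.conf", "listen=127.0.0.1\n")
    write(root, "var/log/app.log", "started\n")
    baseline = build_baseline(root)                        # policy with no exclusions
    write(root, "var/log/app.log", "request served\n", "a")  # routine log growth
    write(root, "etc/app.conf", "listen=0.0.0.0\n", "a")     # the change that matters
    noisy = check(root, baseline)                          # log growth reported as a change
    return noisy, check(root, baseline, ignore=("var/log/*",))  # policy excludes the log
```

With no exclusions the log growth is reported alongside the real config change; the tuned policy reports only the config edit, which is the noise reduction the server group needs before alerts are taken seriously.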

13
Alternative IDS Products (Open Source)
- AIDE -- http://sourceforge.net/projects/aide
  - Stands for Advanced Intrusion Detection Environment
  - Similar capabilities to Tripwire
  - Billed as a free replacement for Tripwire
  - Licensed under the GNU General Public License
- Integrit -- http://sourceforge.net/projects/integrit
  - Simple, secure alternative to Tripwire and AIDE
  - Small memory footprint
  - Licensed under the GNU General Public License
- Why was none of these products chosen?
  - Management at OurCompany does not consider Open Source an option at this time
  - No support plan available for these products